Elson Geaves (“We”) are committed to protecting and respecting your privacy.
Our registered company number is 06906165 and our registered company address is 12 Haviland Road, Ferndown Industrial Estate, Wimborne, Dorset. BH21 7RG.
Questions, comments and requests regarding this Privacy Notice are welcomed and should be addressed to firstname.lastname@example.org. If you wish to contact us by phone, the general number is 01202 581999.
For the purpose of Data Protection legislation, the Data Controller is Elson Geaves Accountants Limited.
The contact details of our Data Protection Officer are Gary Kearley, FCPA, Elson Geaves, 12 Haviland Road, Ferndown Industrial Estate, Wimborne, Dorset. BH21 7RG.
Purpose of this Privacy Notice
This notice sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it. We keep certain basic information when you visit our website and recognise the importance of keeping that information secure and letting you know what we will do with it.
This policy only applies to our site. Our site may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
Information we may collect from you
We will not collect any personal data about you from our website; only statistical data will be extracted from any visit you may make.
In the context of GDPR, Personal Data means, ‘Any information relating to an identified or identifiable natural person, including by means of an identification number or one or more factors specific to an individual’s physical, physiological, mental, economic, cultural or social identity (including IP addresses and cookie strings).’
Data Protection Policy
The Company is committed to working in accordance with the General Data Protection Regulation and with the highest standards of ethical conduct.
This policy outlines the behaviours and standards required of the organisation, all employees, workers and third parties in relation to the collection, retention, transfer, disclosure, use and destruction of any personal data.
Data Protection Principles
The Organisation is committed to adhering to the Data Protection Principles which state:
1. Data must be processed lawfully, fairly and in a transparent manner.
2. Data must be obtained for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes.
3. Data processed must be adequate, relevant and limited to what is necessary.
4. Data must be accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that data that are inaccurate are erased or rectified without delay.
5. Data must not be kept for longer than is necessary for the purposes for which the data
6. Data must be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing, accidental loss, destruction or damage, using appropriate technical or organisational measures.
Information is kept and processed about individuals for legal purposes (such as for payroll), for administration purposes and for the purposes of day-to-day people-management. The Company is aware that in order to process personal data, or sensitive personal data, the Company must rely on the data being:
– necessary for the performance of a contract, or;
– in preparation for a contract, or;
– to comply with our legal obligations, or;
– for our legitimate business interests or;
– to perform a task carried out in the public interest or in the exercise of an official authority.
If the organisation wishes to hold and process data which does not fall within the conditions listed above, then it will seek to obtain the consent of the individual.
Elson Geaves collects and processes the following personal data:
– Employee data: name, address, bank details, NI number, contact details for the purposes of payroll.
– Client data: name, address, NI number, UTR number, tax code data, Employee PAYE number, contact details for the purposes of accounts and taxation assistance and on occasions bank details.
Right of Access
Individuals have the right of access to information stored about them. Employees can ask for access to their own personal details held electronically or held manually. Employees who wish to see their records should give notice electronically, in writing, to one of the partners/Directors. The Company has up to 1 month to provide the information following the subject access request, which it will usually do in electronic format.
In complex cases, or where there are numerous related requests, the Company will liaise with the individual to inform them of progress, and if it is not possible to complete the request within 1 month, the Company will inform the individual of the delay, the reasons for the delay and reserves the right to extend the timescale for completion by up to a further 2 months.
In the event that data is retained with third parties, the Company will ensure that the request is communicated and actioned by the third party in line with the timescales outlined above, unless this is impossible or would require disproportionate effort.
The Company reserves the right to charge a fee or refuse to respond to a request if it is manifestly unfounded or excessive. Similarly, the Company reserves the right to withhold personal data if disclosing it would adversely affect the rights and freedoms of others.
Rectification of Data
The Company is committed to keeping data that is accurate and up to date. Data will be checked for accuracy where possible, and any data that is inaccurate, out of date or unnecessary will be corrected or erased as appropriate.
Where an individual identifies that their personal data is incorrect, or incomplete or where they are aware that their personal data has changed, they must inform the organisation as soon as possible. The organisation will then take steps to rectify any inaccuracies as soon as possible, and at the latest within 1 month.
In complex cases, or where there are numerous cases, the Company will liaise with the individual to inform them of progress, and if it is not possible to complete the request within 1 month, the Company will inform the individual of the delay and the reasons for the delay and reserves the right to extend the timescale for completion by up to a further 2 months.
In the event that data has been disclosed to third parties, the Company will ensure that the request for rectification is communicated and actioned by the third party in line with the timescales outlined above, unless this is impossible or would involve disproportionate effort.
The Right to be Forgotten
Also known as ‘the right to erasure’, the right to be forgotten doesn’t provide an absolute right to be forgotten, but data subjects have a right to have personal data erased and to prevent processing in some circumstances, i.e.:
– Where the personal data is no longer necessary in relation to the purpose for which it was originally collected/processed;
– When the individual withdraws consent;
– When the individual objects to the processing and there is no overriding legitimate interest for continuing the processing;
– The personal data was unlawfully processed;
– The personal data has to be erased in order to comply with a legal obligation;
– The personal data is processed in relation to the offer of information society services to a child.
If you wish to ask for your own personal data to be partially/fully erased and no longer processed, please write to a Director of Elson Geaves with full details of your request. The Company has up to 2 months to respond to you and either delete the data or explain why it is unable to comply with your request. Circumstances where the Company may be unable to comply include where it is required to retain the information by law, or if the data is needed in connection with legal proceedings.
In complex cases, or where there are numerous related requests, the Company will liaise with you to inform you of progress, and if it is not possible to respond to your request within 1 month, the Company will inform you of the delay, the reasons for the delay and reserves the right to extend the timescale for completion by up to a further 2 months, if necessary.
In the event that data is retained with third parties, the Company will ensure that the request is communicated and if appropriate actioned by the third party in line with the timescales outlined above.
Security of Data
The Company is committed to taking steps to ensure that personal data is protected, and to prevent any unauthorised access, accidental loss, destruction, unlawful processing, equipment failure or human error, and will do this through the continual monitoring of our security systems and by regular training and awareness raising.
Any data breaches or near misses will be managed in the best interest of all concerned and, if the directors feel the matter is serious, they will report it to the Data Protection Agency for additional guidance.
Elson Geaves is committed to ensuring that subject data is kept for no longer than necessary and only kept as long as it’s relevant and necessary for legitimate purposes. As soon as data is no longer necessary for the purposes for which it was originally collected, it will be securely deleted, unless it is necessary to keep the data.
The Company does not intentionally keep data longer than necessary and when data is no longer required, the Company is committed to securely deleting it as soon as possible.
For more information and our retention guidelines, please refer to our Data Retention Policy.
All staff are responsible for data protection and should be alert to any actual, suspected, threatened or potential data protection breaches. As soon as a data protection breach has been discovered, the member of staff should, where possible, report the Data Protection Breach to a Director (to the fullest extent possible at that time), providing full details concerning the breach. The report of the breach should be made to a Director as soon as possible and within 2 hours of the discovery of the breach.
For more information regarding managing data protection breaches please refer to the Data Protection Breach Reporting Policy and Procedure.
Transferring Personal Data to a Country Outside the EEA
We confirm that whilst we will transfer your data to third parties and suppliers within the EEA, we will not transfer your data to a country outside the EEA.
Data Protection Officer
The Organisation has appointed a Data Protection Officer, who will support the organisation to manage Data Protection and will work with the Executive Board in this respect. Any queries or concerns can be addressed directly to the Data Protection Officer, Mr Gary Kearley.
We are committed to monitoring this policy and will update it as appropriate, on an annual basis or more frequently if necessary.
Any queries or concerns can be addressed directly to the Data Protection Officer.
Data Retention Policy (GDPR)
Elson Geaves is committed to managing and handling personal data in line with best practice and data protection principles. As such, this Policy details the procedures to use to ensure timely and secure disposal of documents and records that are no longer required for business purposes.
Elson Geaves holds a wide variety of data for employees and clients, including financial data, HR data, marketing data, client data and so on, much of which includes personal data. This data is held in various formats, including letters, emails, contracts, forms and software systems, in both hard copy and electronic form.
It is essential that this policy is adhered to, as premature destruction of documents could result in an inability to defend claims, business difficulties and failure to comply with data protection legislation, whilst appropriate destruction and disposal will ensure that the storage space is maximised and we are not keeping documents for an unnecessarily long period of time which would breach data protection legislation.
This policy applies to all the information held by Elson Geaves and also any personal data that may be held by data processors (service providers) where they are processing information on the Company’s behalf.
All staff are responsible for ensuring that the records that they create/maintain are accurate, maintained and disposed of in accordance with this policy. It is recognised that the documentation created and maintained by the Company will change over time and therefore this policy should be viewed as a living document and it will be reviewed on an annual basis, or as necessary, if sooner.
Appendix 1 details the retention periods for specific types of documents and records.
Hard copies of confidential documents or personal data should be disposed of using the confidential waste bins and sacks. Under no circumstances should any personal or confidential data be disposed of in any other manner, as this would potentially breach data protection legislation.
Documents which do not contain personal data or confidential information can be disposed of in any bin, by recycling, or by electronic deletion in the case of electronic documents.
Documents must be destroyed using an approved confidential waste provider, and records must be retained to support the sack destruction.